Microsoft has rolled out an update to its popular Windows Phone platform that introduces an issue with its new mobile operating system that makes it possible for an attacker to send an SMS that includes malicious code that can be sent via an email.
Windows Phone 8.1, released on Tuesday, also introduces a new issue in the browser, the IE10 browser, that could allow an attacker with access to the browser’s address bar to spoof the user’s address.
The issue affects Windows Phone 7.1 and Windows Phone 9.3 users as well as users running Microsoft’s other mobile operating systems, Microsoft said in a blog post.
“An attacker who successfully exploited this vulnerability could send an email message that contains a specially crafted URL to an email address associated with a Microsoft account, potentially leading the user to open an unauthenticated web page,” Microsoft said.
This vulnerability is not currently exploitable in the wild.
Microsoft has been working on a fix for the issue, which was first reported in February.
The update was first released in June and is now available for download via the Windows Phone Store.
It is not available for Windows Phone 10, although the update will be made available to the platform’s users once Microsoft has fixed the vulnerability.
This post will be updated with further information as it becomes available.